Andromeda botnet taken down, Belarusian involved arrested

A joint operation involving Germany, the United States and Belarus has taken down a malware system known as “Andromeda” or “Gamarue” that infected more than 2 million computers globally, Europol said on Tuesday.

Andromeda is best described as a “botnet”: a group of computers infected with malware that lets criminals control them remotely without their owners’ knowledge, using them to steal data, take down websites or spread further malicious code.

The police operation, which involved help from Microsoft, was significant both for the number of infected computers and because Andromeda had been used over a number of years to distribute new viruses, said Europol spokesman Jan Op Gen Oorth.

“Andromeda was one of the oldest malware on the market,” added the spokesman for Europol, the EU’s law enforcement agency.

The suspect whom international authorities arrested in Belarus during a Nov. 29 operation to dismantle the Andromeda botnet has been identified with a high degree of certainty as Jarets Sergey Grigorevich – aka Ar3s, a high-profile cybercriminal and malware expert.

According to a Dec. 5 blog post from Recorded Future’s Insikt Group, whose researchers made the identification, Ar3s, 33, is the mastermind of the botnet, and “one of the oldest and more highly respected members of the criminal underground.”

Also known as Apec (in Russian), Ch1t3r, and Sergey Jaretz or Sergey Jarets, Grigorevich’s dealings in the Russian-speaking underground date back to at least 2004, the post continues. “Ar3s is recognized as a leading expert in malware development and reverse engineering, network security, and antivirus technology,” write the post’s authors, Andrei Barysevich, director of advanced collection, and Alexandr Solad, intelligence analyst.